Pair of
ethical hackers known as CastHack have reportedly figured out how to hijack an
apparent high number of Chromecast dongles cautioning their users about yet
another security threat. This risk clearly attacks Google's Chromecast
streaming devices driving users to play any YouTube video of the attacker’s
choice.

The hackers,
went on to display a message cautioning users about the security defect
alongside a link clarifying how it can be fixed, at the same time requesting
that users subscribe in to a prominent YouTuber PewDiePie.

CastHack
exploits a shortcoming in the Universal Plug and Play (UPnP) networking
standard in specific routers, which permits a part of the connected devices
that are accessible on the web. The bug though, can be effectively fixed by
disabling UPnP on theInternet router.

The company
however says that it’s a 'flaw'that
influences the routers instead of the Chromecast itself, therefore it isn't
Google's fault in the least.

Regardless,
this new risk to Chromecast isn't the first as there have been many comparable
issues before. To be specific in 2014 and 2016, when the security firm Bishop
Fox had revealed that it could effectively gain control of a Chromecast by
disengaging it from its present Wi-Fi system and returning it to a factory
state and when another cyber security firm called Pen Test Partner affirmed
that the gadget was as yet defenseless against such comparable attacks.

Security
researchers are continuously observing DDoS attacks that utilize the UPnP
features of home routers to modify network packets and make DDoS attacks harder
to be recognizable and relieve with classic solutions.

Researchers
from Imperva detailed the first UPnP port masking method, a new technique, a
month ago.

Imperva
staff announced that some DDoS botnets had begun utilizing the UPnP protocol
found on home routers to skip the DDoS traffic off the router, but change the
traffic's source port to an arbitrary number.

By changing
the source port, more seasoned DDoS mitigation systems that depended on
perusing this data to square approaching attacks started failing left and
right, thus permitting the DDoS attacks to hit their intended targets.

The new DDoS
mitigation systems that depend on deep packet inspection (DPI) are fit for
identifying these sorts of attacks that utilize randomized source ports,
however these are likewise more fiscally expensive for users and furthermore
work slower, thus taking more time to distinguish and stop attacks.

\

Researchers
at Imperva, Back in May, said that they've seen botnets executing DDoS attacks
through the DNS and NTP protocols , but by utilizing UPnP to camouflage the
traffic as originating from irregular ports, and not port 53 (DNS) or port 123
(NTP).

In those
days, Bleeping Computer had foreseen that the strategy would turn out to be
more prevalent among the botnet creators. This feeling turned out to be true
yesterday when in a report by Arbor Networks, the organization wrote about
observing comparative DDoS attacks that utilized the UPnP protocol, yet this
time the procedure was utilized to mask the SSDP-based DDoS assaults.

SSDP DDoS
attacks that would have been effectively moderated by blocking the approaching
packets that came from port 1900 were harder to spot as the majority of the
traffic originated from random ports rather than just one.

This
UPnP-based port masking technique is obviously spreading among DDoS
administrators, and DDoS mitigation providers will have to alter on the off
chance that they need to stay in business, while organizations should put into
overhauled securities in the event that they need to stay above water amidst
these new types of deadly DDoS attacks.